DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments, filed 10/14/2020, with respect to the rejection(s) of claim(s) 1-12 have been fully considered and are persuasive. Therefore, the previous ground of rejection has been withdrawn. However, upon further consideration and newly identified reference(s), a new ground(s) of rejection is made in view of Sussland (US 7971234), Rubin (US 20130198512), and Anderson (US 10686831).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Palekar (US 20030226017) in view of Sussland (US 7971234).
As per claim 1, Palekar discloses a process for Transport Layer Security (TLS) intercept comprising: 
(Palekar, Para. 0046, negotiating a secure tunnel, such as a TLS tunnel, between a wireless user, or a mobile user, and the authenticating computing device guarding the network the user wishes to access, the user's identification and the shared secret can be protected from rogue interceptors);
Palekar does not disclose; however, Sussland discloses determining by said intermediary that communication can be decrypted by use of an offline key (Sussland, Col 4, 17-20, The use of offline key establishment allows for such features as one way key sharing; and addresses situations where one party to the exchange does not want to share all of his keys, but just one or two keys.);
decrypting said communications by a decryptor (Sussland, Col 4, 31-33, When data are requested by an authorized host, the storage security appliance decrypts it, then forwards it to the appropriate network destination.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Sussland with the system and method of Palekar, given the benefit of allowing networked devices to establish trust in connection with the exchange of keys pursuant to an asymmetrical cryptographic.
Claims 2, and 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Palekar (US 20030226017) in view of Sussland (US 7971234) in view of Rubin (US 20130198512).
As per claim 2, Palekar discloses a process for encrypted communication intercept comprising:
providing access to encrypted communications (Palekar, Para. 0051, encrypted communications);
Palekar does not disclose; however, Sussland discloses collecting said encrypted communications with a monitor, wherein said monitor is separate from a decryptor capable of decrypting said encrypted communications (Sussland, Col 4, 7-17, Offline key sharing provides for the exchange of authentication information using a separate channel which, in the preferred embodiment, does not constitute an IP, or network, connection. Thus, while communications between networked devices may ultimately proceed via a network connection, trust between the networked devices is established via a separate, offline channel);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Sussland with the system and method of Palekar, given the benefit of allowing networked devices to establish trust in connection with the exchange of keys pursuant to an asymmetrical cryptographic.
Palekar and Sussland do not disclose; however, Rubin discloses receiving, by said monitor, an interception certificate (Rubin, Para. 0022, certificate);
storing, by said monitor, said interception certificate in a memory location (Rubin, Para. 0024, the content source returns the source's digital certificate, which is intercepted and stored by the meter);
accessing, by said monitor, said memory location to passively evaluate encrypted communication bits on the wire (Rubin, Para. 0021, the meter 105 inserts itself into a secure communication session established between the monitored client 110 and the content source 115, and obtains a session key and/or other ciphering information that is used to exchange encrypted traffic between the client 110 and the content source);
collecting, by said monitor, encrypted communication compliant with said evaluation (Rubin, Para. 0021, The meter 105 then uses the obtained session key and/or other ciphering information to decrypt and monitor the encrypted traffic exchanged between the monitored client 110 and the content source 115.); and 
sending, by said monitor, said collected compliant encrypted communication to said decryptor, wherein said decryptor decrypts said encrypted communication (Rubin, Para. 0021, The meter 105 then uses the obtained session key and/or other ciphering information to decrypt and monitor the encrypted traffic exchanged between the monitored client 110 and the content source 115. The decrypted network traffic and/or results of processing the decrypted network traffic are then reported by the meter 105 to the usage metering server 120.). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Rubin with the system and method of Palekar and Sussland, given the benefit of inspecting encrypted communications while maintaining end-to-end encryption.
As per claim 8, Palekar further discloses the process according to claim 2 where said chosen encryption protocol is Transport Layer Security (TLS) (Palekar, Para. 0062, The TLS Handshake Protocol is used to allow the two communicating endpoints to agree upon the parameters and algorithms to be used by the TLS Record Protocol.).
As per claim 9, Palekar and Sussland do not disclose; however, Rubin discloses the process according to claim 2 of said monitor receiving said interception certificate comprising:
passing a decryptor public key in-band from a key manager (Rubin, Para. 0052, the traffic interceptor (e.g., the portion of which that is implemented in the meter by the meter kernel extension) performs a first portion of the operation, to intercept and copy the encrypted network traffic exchanged between the monitored client and the content source); and
receiving said decryptor public key without requiring a response from said monitor (Rubin, Para. 0051, the session key interceptor (e.g., the portion of which that is implemented in the meter by the meter kernel extension) performs the operation of, to intercept a reply message sent from the monitored client to the content source that contains a session key encrypted using the public key included in the meter's digital certificate.); 
wherein said decryptor public key is in the form of an interpretation certificate (Rubin, Para. 0022, certificate).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Rubin with the system and method of Palekar and Sussland, given the benefit of inspecting encrypted communications while maintaining end-to-end encryption.
Claims 3-7 are rejected under 35 U.S.C. 103 as being unpatentable over Palekar (US 20030226017) in view of Sussland (US 7971234) in view of Anderson (US 10686831).
As per claim 3, Palekar discloses a system for Transport Layer Security (TLS) intercept comprising: 
a first network device which discloses key agreement material of said first network device (Palekar, Para. 0062, The TLS Handshake Protocol is used to allow the two communicating endpoints to agree upon the parameters and algorithms to be used by the TLS Record Protocol. Exchange of cryptographic parameters to allow the client and server to agree upon a pre-master secret; Exchange of certificates and cryptographic information to allow the client and server to authenticate themselves); 
a Transport Layer Security (TLS) tunnel established for communications between said first network device and said second network device (Palekar, Para. 0062, The TLS Handshake Protocol is used to allow the two communicating endpoints to agree upon the parameters and algorithms to be used by the TLS Record Protocol. Exchange of cryptographic parameters to allow the client and server to agree upon a pre-master secret; Exchange of certificates and cryptographic information to allow the client and server to authenticate themselves); 
a second network device which does not disclose key agreement material of said second network device (Palekar, Para. 0079, the Challenge Handshake Authentication Protocol (CHAP) uses a three-way handshake to authenticate the client to the server. If the response from the client is different from the value calculated internally by the authenticator, then the client should not be authenticated. However, the authenticator can determine, whether the authentication that was negotiated allows for retries, and how many. If it does allow for retries, and the maximum number of retries has not been exceeded, then the authenticator sends another challenge to the peer. If no retries are allowed, or the maximum number has been reached, the connection is ended);
Palekar does not disclose; however, Sussland discloses a decryptor for decrypting said communications (Sussland, Col 4, 31-33, When data are requested by an authorized host, the storage security appliance decrypts it, then forwards it to the appropriate network destination.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Sussland with the system and method of Palekar, given the benefit of allowing networked devices to establish trust in connection with the exchange of keys pursuant to an asymmetrical cryptographic.
Palekar and Sussland do not disclose; however, Anderson discloses a monitor for intercepting said communications between said first network device and said second network device and said monitor determining said communications can be decrypted but is incapable of decrypting said communications (Anderson, Col 4, lines 48-52, any of the computing devices shown in FIGS. 1A-1B, particularly the PE routers 120, CE routers 110, nodes/device 10-20, servers 152-154 (e.g., a network controller located in a data center, etc.), any other computing device that supports the operations of network 100 (e.g., switches, etc.), or any of the other devices; Also, Col 5, lines 40-46, classifier process 248 may execute one or more machine learning-based classifiers to classify encrypted traffic in the network (and its originating application) for any number of purposes. In one embodiment, classifier process 248 may assess captured traffic data to determine whether a given traffic flow or set of flows are caused by malware in the network, such as a particular family of malware applications; Col 8, lines 29-37, CE-2 shown in FIG. 3 or another passive network monitoring device located between client node and a remote server may passively intercept packets of the encrypted traffic flow, to capture data regarding the certificate(s) themselves and potentially the flow, as well; Also Col 13, lines 22-27, wherein the machine learning classifier assesses the certificate data of the encrypted traffic flow without decrypting the encrypted traffic flow). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Anderson with the system and method of Palekar and Sussland, given the benefit of causing a performance of a network action based on a result of the classification of the application.
As per claim 4, Palekar discloses the system according to claim 3 wherein said first network device is a client device (Palekar, Para. 0048, client device). 
As per claim 5, Palekar discloses the system according to claim 3 wherein said second network device is a server device (Palekar, Para. 0048, server device). 
As per claim 6, Palekar and Sussland do not disclose; however, Anderson discloses the system according to claim 3 wherein said monitor observes communication packets and determines compliancy for security (Anderson, Col 8, lines 29-37, CE-2 shown in FIG. 3 or another passive network monitoring device located between client node and a remote server may passively intercept packets of the encrypted traffic flow, to capture data regarding the certificate(s) themselves and potentially the flow, as well; Also, Col 10, lines 40-67, monitoring/observing and assessing the characteristics of the traffic flow and determining if the traffic flow includes characteristics of the TLS context/ciphersuite data and whether the traffic flow is detected with any malware present.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Anderson with the system and method of Palekar and Sussland, given the benefit of causing a performance of a network action based on a result of the classification of the application.
As per claim 7, Palekar discloses the system according to claim 3 wherein said first network device provides a recovery record to said monitor (Palekar, Para. 0081, a set of failure codes which can be returned in a message field of a “failure” packet and can provide useful information to the client in determining why authentication was unsuccessful. Additionally, MS-CHAP provides for a different formatting of the response packet, specifically, the value field can contain multiple responses encoded for a variety of programs.).
Claims 10-12 are rejected under 35 U.S.C. 103 as being unpatentable over Palekar (US 20030226017) in view of Sussland (US 7971234) in view of Rubin (US 20130198512) in view of Haynes (US 6161181).
As per claim 10, Palekar, Sussland and Rubin do not disclose; however, Haynes discloses the process according to claim 2 where said monitor is unable to decrypt said encrypted communication (Haynes, Col 7, lines 21-26, The outer envelope contains the inner envelope and other information, which is used to identify the recipient(s) and the desired services, among other things. The intermediary may recover this other information with the appropriate decryption, but it is unable to recover the message encrypted in the inner envelope.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Haynes with the system and method of Palekar, Sussland and Rubin, given the benefit of securing electronic transactions that use a trusted intermediary to provide improved privacy, authentication, and non-repudiation.
As per claim 11, Palekar, Sussland and Haynes do not disclose; however, Rubin discloses the process according to claim 10 where said encrypted communication is saved within said monitor; and
sending said encrypted communication to said decryptor for decryption (Rubin, Para. 0021, The meter 105 then uses the obtained session key and/or other ciphering information to decrypt and monitor the encrypted traffic exchanged between the monitored client 110 and the content source 115. The decrypted network traffic and/or results of processing the decrypted network traffic are then reported by the meter 105 to the usage metering server 120.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Rubin with the system and method of Palekar, Sussland and Haynes, given the benefit of inspecting encrypted communications while maintaining end-to-end encryption.
As per claim 12, Palekar, Sussland and Haynes do not disclose; however, Rubin discloses the process according to claim 10 where said encrypted communication is not saved within said monitor; and
routing said encrypted communication to said decryptor for decryption (Rubin, Para. 0036).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Rubin with the system and method of Palekar, Sussland and Haynes, given the benefit of inspecting encrypted communications while maintaining end-to-end encryption.
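As an illustration of the arrangement common to claims 2, 3 and 10-12 as applied above (a passive monitor that stores an intercepted certificate, evaluates encrypted records on the wire without being able to decrypt them, and forwards only policy-compliant ciphertext to a separate decryptor that holds the key), the following Python model is added here; it is not code from the application or from any of the cited references. It parses real TLS record-layer headers (RFC 5246 / RFC 8446 content types), but the record cipher is replaced by a constructed HMAC-SHA256 keystream, and the certificate bytes, fingerprint watch-list, session key and messages are constructed placeholders.

```python
import hashlib
import hmac
import struct

# TLS record-layer content types and the Certificate handshake message type
# (values from RFC 5246 / RFC 8446).
HANDSHAKE = 22
APPLICATION_DATA = 23
CERTIFICATE = 11
TLS12 = 0x0303


def record(ctype, body):
    """Build one TLS record: 5-byte header (type, version, length) plus body."""
    return struct.pack("!BHH", ctype, TLS12, len(body)) + body


def parse_records(wire):
    """Split a captured byte stream into (content_type, version, body) tuples."""
    out, off = [], 0
    while off < len(wire):
        if off + 5 > len(wire):
            raise ValueError("truncated record header")
        ctype, ver, length = struct.unpack("!BHH", wire[off:off + 5])
        body = wire[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        out.append((ctype, ver, body))
        off += 5 + length
    return out


def cert_fingerprint(cert):
    """SHA-256 fingerprint of certificate bytes, used as the monitor's policy key."""
    return hashlib.sha256(cert).hexdigest()


def toy_cipher(key, seq, data):
    """Constructed stand-in for the TLS record cipher (not real TLS AEAD):
    XOR with an HMAC-SHA256 counter keystream bound to the record sequence
    number. XOR is its own inverse, so the same call encrypts and decrypts."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, struct.pack("!QQ", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Monitor:
    """Passive monitor (the claim 2 / claim 3 role): parses the wire, stores the
    intercepted certificate, evaluates records against a policy and collects
    compliant ciphertext. It is given no key and cannot decrypt anything."""

    def __init__(self, watched_fingerprints):
        self.watched = set(watched_fingerprints)  # constructed policy: cert fingerprints
        self.certificate = None                    # the stored interception certificate
        self.collected = []                        # (sequence, ciphertext) for the decryptor
        self.seq = 0

    def observe(self, wire):
        for ctype, ver, body in parse_records(wire):
            if ctype == HANDSHAKE and len(body) >= 4 and body[0] == CERTIFICATE:
                self.certificate = body[4:]        # skip handshake type(1) + length(3)
            elif ctype == APPLICATION_DATA:
                seq, self.seq = self.seq, self.seq + 1
                fp = cert_fingerprint(self.certificate) if self.certificate else None
                # Evaluation on encrypted bits only: protocol version and certificate identity.
                if ver == TLS12 and fp in self.watched:
                    self.collected.append((seq, body))
        return self.collected


class Decryptor:
    """Separate component that holds the session key and decrypts only what
    the monitor forwards (claims 10-12: the monitor itself cannot decrypt)."""

    def __init__(self, key):
        self.key = key

    def decrypt(self, batch):
        return [toy_cipher(self.key, seq, ct) for seq, ct in batch]


# Constructed sample session: placeholder certificate, key and two application
# records; none of these values come from the cited references.
SESSION_KEY = hashlib.sha256(b"constructed demo session key").digest()
CERT = b"CONSTRUCTED-DEMO-CERTIFICATE CN=example.test"
MESSAGES = [b"GET /account HTTP/1.1\r\n", b"HTTP/1.1 200 OK\r\n"]


def build_wire():
    handshake = bytes([CERTIFICATE]) + len(CERT).to_bytes(3, "big") + CERT
    wire = record(HANDSHAKE, handshake)
    for seq, msg in enumerate(MESSAGES):
        wire += record(APPLICATION_DATA, toy_cipher(SESSION_KEY, seq, msg))
    return wire


def run_intercept(watched_fingerprints):
    """The monitor sees the wire with no key; the decryptor recovers plaintext
    only for the records the monitor judged compliant with its policy."""
    monitor = Monitor(watched_fingerprints)
    batch = monitor.observe(build_wire())
    return Decryptor(SESSION_KEY).decrypt(batch)
```

Running run_intercept with the sample certificate's fingerprint on the watch-list yields the two plaintext messages; with an empty or non-matching watch-list the monitor forwards nothing and the decryptor never sees the session, which is the separation of roles the claims describe.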
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Helfrich (US 20120149353): Decision support information is exchanged over a secure wireless network among mobile computing devices, and also optionally a central command computer. Each of the mobile computing devices has one or more sensors connected and interfaced to it. Output data from the sensor(s) can be sent over the network to one or more other devices on the network.
Brinskelle (US 8856869): Methods, systems, and apparatus relating to enforcement of same origin policy of sensitive data are described. In an embodiment, a security agent may help ensure release of sensitive data is only triggered by authorized sources. The security agent may help ensure sensitive data is only released to authorized destinations. A security agent may translate or obfuscate sensitive data. Sensitive data may include HTTP cookies, session data, authentication information, authorization information, personal information, user credentials, and/or other data sensitive in nature. Sensitive data destinations and/or sensitive data origins may be identified. Identification may be performed using secure means (such as for example a SSL/TLS handshake).
Markopoulou (US 20170325113): AntMonitor is a system for passive monitoring, collection and analysis of fine-grained, large-scale packet measurements from mobile devices. The system may be implemented on top of a VPN-based service and using two possible architectures: Client-Server or Mobile-Only. A current implementation of the Mobile-Only design may outperform other mobile-only approaches: it may achieve, for example, 2× and 8× faster (down and uplink) speeds, and close to the raw no-VPN throughput, while using 2-12× less energy. AntMonitor can scale to a large number of end-users, provide enhanced privacy protection, and enable accurate traffic classification.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANGELA R HOLMES whose telephone number is (571)270-3357. The examiner can normally be reached on Monday-Friday 8:00AM-4:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw, can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

ANGELA R. HOLMES
Examiner Art Unit 2498
/YIN CHEN SHAW/
Supervisory Patent Examiner, Art Unit 2498